Chinese cyber-spies work office hours

Mandiant, the security company that first identified the Chinese military hackers charged by the US government on Monday with multiple crimes, has revealed that they keep very mundane, non-hacker-like office hours.

On Tuesday Mandiant released for the first time detailed new data on the work habits of the group of hackers hailing from the Chinese People’s Liberation Army (PLA) Unit 61398, which is a part of the PLA General Staff Department’s Third Department.

This information was not disclosed in Mandiant’s widely covered 2013 report, “APT1: Exposing one of China’s Cyber Espionage Units”. Mandiant shot to fame in January 2013 when it was hired by The New York Times to repel Chinese hackers who, according to The Times, had persistently attacked and infiltrated its computer network.

Based on 1,905 remote desktop protocol connections that Mandiant tracked between 2011 and 2013, the company says China’s military hackers, which it calls “APT1”, conducted almost all of their activity “on week days (Monday through Friday)” and “between 8am and noon, 2pm and 6pm, and 7pm and 10pm China Standard Time”.

“On some occasions, APT1 personnel appear to have worked on weekends, but these are minor exceptions to the norm.”

Mandiant’s analysis shows 97.5 per cent of the cyber-spies’ activity was on weekdays and 98.2 per cent of the IP addresses were Chinese, belonging “predominantly to four large net blocks in Shanghai”.

“These data sets show APT1 is either operating in China during normal Chinese business hours, or APT1 is intentionally going to painstaking lengths to look like they are,” the company said.

China has aggressively denied the accusations and suspended its involvement in the Sino-US Cyber Working Group, which was set up in April 2013 to address allegations of Chinese industrial espionage.

A Chinese Foreign Ministry spokesman, Qin Gang, said: “The US fabricated facts in an indictment of five officers for so-called cybertheft by China, a move that seriously violates basic norms of international relations and damages Sino-US cooperation and mutual trust. China has lodged a protest with the US, urged the US to correct the error immediately and withdraw its so-called prosecution.”

The Australian Financial Review

BY Christopher Joye

Christopher Joye is a contributing editor to The Australian Financial Review. He is a leading economist, fund manager and policy adviser who has previously worked for Goldman Sachs and the RBA, and was a director of the Menzies Research Centre. He is currently a director of Smarter Money Investments.
